ISSAI 4000:Issues coming out of the maintenance

groups

Mona PaulsrudCAS meeting, Oslo

17th of September 2014

1

Work ahead

2

December 2014:ISSAI 4000 draft for comments in PSC steering committee

May 2015:ISSAI 4000 exposure draft to the PSC steering committee

August- October 2015:ISSAI 4000 exposure period

May 2016:ISSAI 4000 endorsement version to the PSC steering committee

October 2016:ISSAI 4000 endorsement at INCOSAI, Abu Dhabi

Further process on ISSAI 4000 draft

15th of October: Deadline for comments and proposals on language and style

31st of October: Deadaline for comments and proposals on substance and contents

3

Prerequisites from ISSAI 100/400

Process oriented approachRisk based auditing

Professional judgement & skepticismCovering the variety of compliance audit

practices across INTOSAIBoth direct reporting and attestation

engagements

4

Compliance Audit Subject Matters

…the authorities which govern them

“Relevant acts or resolutions of the legislature or other statutory instruments, directions and guidance issued by public sector bodies with powers provided for in statute, with which the audited entity is expected to comply.”

6

Authorities - the sources of audit criteria

Authorities

Criteria

Narrowing down the audit scope..

Authorities in two forms

9

Authorities

Regularity Propriety

GREY ZONE OF INTERPRETATION

How to draw the line..

REGULARITYThe concept that the subject matter

is in accordance with authorizing legislation, regulations issued under

governing legislation and other relevant legal documents which lay

down the rules and procedures to be adhered to by the audited entity which provide a legal framework

within which the subject matter is being exercised, and these are

properly sanctioned.

PROPRIETY

General principles of sound public sector financial

management and conduct of public sector officials.

10

Issues raised

• Does the spirit or intention of laws and regulations belong to regularity or propriety?

• A code of conduct or ethics – would it belong to regularity or propriety?

• Are fraud risks generally linked to breach of propriety?

11

Assurance

Assurance

Intended users wish to be confident about the reliability and relevance of the information which they use as the basis for taking decisions. Audits therefore provide information based on sufficient and appropriate evidence, and auditors should perform procedures to reduce or manage the risk of reaching inappropriate conclusions. The level of assurance that can be provided to the intended user should be communicated in a transparent way. However, due to inherent limitations, audits can never provide absolute assurance.

ISSAI 100 paragraph 31

The core of assurance

Is the audit evidence obtained sufficient and appropriate so as to reduce the audit risk to an

acceptably low level?

Is the audit evidence obtained sufficient and appropriate so as to reduce the audit risk to an

acceptably low level?

Materiality

Risk assessmen

t

Reconsidering:

Communicating assurance

Depending on the audit and the users’ needs, assurance can be communicated - through opinions and conclusions which explicitly convey the level of assurance.

ISSAI 100 para. 32

15

Opinion and conclusion – what is the difference?

The conclusion is a statement of the auditor covering the audit scope on the basis of the findings assessed against the criteria and conveying explicitly the level of assurance of the audit.

NEW ISSAI 4000 para. 158 - 160

An opinion is a statment of the auditor expressed in a standardized form of a clear written expression of modification or unmodification.

NEW ISSAI 4000 para. 161-166

16

Issues raised

• Is an opinion only relevant in attestation engagements? – NO

• Is an opinion only given in relation to the financial statements? – NO

• Can an opinion only be given on quantitative subject matters? - NO

17

Opinion and conclusion – what is the difference?

“The conclusion may be expressed as an elaborate answer to specific audit questions or take the form of a clear written statement of opinion on compliance, often in addition to the opinion on the financial statements. While an opinion is common in attestation engagements, the answering of specific audit questions is more often used in direct reporting engagements.”

NEW ISSAI 4000 para. 160

18

Opinion and conclusion – what is the difference?

“Where an opinion is provided the auditor states whether it is unmodified or has been modified on the basis of the evaluation of materiality and pervasiveness. Delivering an opinion would normally require a more elaborate audit strategy and approach that encompasses a tangible population covered both by quantitative and qualitative sampling during the audit.”

NEW ISSAI 4000 para. 163

19

Opinion and conclusion – what is the difference?

20

Conclusion

Sampling

Opinion

ISSAI 4000 para. 158 - 160

ISSAI 4000 para.161- 166

ISSAI 4000 para.137-141

Audit sampling

21

QuantitativeQualitative

ISSAI 4000 – in need of further elaboration?

• Materiality• Reasonable and limited assurance• Audit scope• Subject matter and criteria in relation to direct

reporting and attestation engagements• Understanding the entity

22

ISSAI 4000 – in need of further elaboration? (continuing)

• Control environment/ intrenal controls• Risk of non compliance• Documentation

• Combinations of compliance with financial and/or performance auditing

23

ISSAI 4000 – the need for further elaborations?

Prioritizations and further work of the committee.

24